Exam Details

  • Exam Code: NSE7_EFW-6.4
  • Exam Name: Fortinet NSE 7 - Enterprise Firewall 6.4
  • Certification: Fortinet Certifications
  • Vendor: Fortinet
  • Total Questions: 122 Q&As
  • Last Updated: Jun 17, 2025

Fortinet Fortinet Certifications NSE7_EFW-6.4 Questions & Answers

  • Question 41:

    View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.

    Which statements about this debug output are correct? (Choose two.)

    A. The remote gateway IP address is 10.0.0.1.

    B. It shows a phase 1 negotiation.

    C. The negotiation is using AES128 encryption with CBC hash.

    D. The initiator has provided remote as its IPsec peer ID.

  • Question 42:

    Which of the following events can trigger the election of a new primary unit in an HA cluster? (Choose two.)

    A. Primary unit stops sending HA heartbeat keepalives.

    B. The FortiGuard license for the primary unit is updated.

    C. One of the monitored interfaces in the primary unit is disconnected.

    D. A secondary unit is removed from the HA cluster.

  • Question 43:

    View the exhibit, which contains an entry in the session table, and then answer the question below.

    Which one of the following statements is true regarding FortiGate's inspection of this session?

    A. FortiGate applied proxy-based inspection.

    B. FortiGate forwarded this session without any inspection.

    C. FortiGate applied flow-based inspection.

    D. FortiGate applied explicit proxy-based inspection.

  • Question 44:

    Examine the partial output from the IKE real-time debug shown in the exhibit; then answer the question below.

    Why didn't the tunnel come up?

    A. IKE mode configuration is not enabled in the remote IPsec gateway.

    B. The remote gateway's Phase-2 configuration does not match the local gateway's phase-2 configuration.

    C. The remote gateway's Phase-1 configuration does not match the local gateway's phase-1 configuration.

    D. One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode.

  • Question 45:

    A FortiGate device has the following LDAP configuration:

    The administrator executed the `dsquery' command on the Windows LDAP server 10.0.1.10 and got the following output:

    >dsquery user -samid administrator

    "CN=Administrator, CN=Users, DC=trainingAD, DC=training, DC=lab"

    Based on the output, what FortiGate LDAP setting is configured incorrectly?

    A. cnid.

    B. username.

    C. password.

    D. dn.

  • Question 46:

    Examine the output of the `diagnose sys session list expectation' command shown in the exhibit; then answer the question below.

    Which statement is true regarding the session in the exhibit?

    A. It was created by the FortiGate kernel to allow push updates from FortiGuard.

    B. It is for management traffic terminating at the FortiGate.

    C. It is for traffic originated from the FortiGate.

    D. It was created by a session helper or ALG.

  • Question 47:

    Refer to the exhibit, which contains the output of a BGP debug command.

    Which statement explains why the state of the 10.200.3.1 peer is Connect?

    A. The local router is receiving BGP keepalives from the remote peer, but the local peer has not received the OpenConfirm yet.

    B. The TCP session to 10.200.3.1 has not completed the three-way handshake.

    C. The local router is receiving the BGP keepalives from the peer, but it has not received a BGP prefix yet.

    D. The local router has received the BGP prefixes from the remote peer.

  • Question 48:

    Examine the following partial outputs from two routing debug commands; then answer the question below.

    # get router info kernel

    tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=10.200.1.254 dev=2(port1)

    tab=254 vf=0 scope=0 type=1 proto=11 prio=10 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=10.200.2.254 dev=3(port2)

    tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.0.1.0/24 pref=10.0.1.254 gwy=0.0.0.0 dev=4(port3)

    # get router info routing-table all

    S*  0.0.0.0/0 [10/0] via 10.200.1.254, port1
                  [10/0] via 10.200.2.254, port2, [10/0]
    C   10.0.1.0/24 is directly connected, port3
    C   10.200.1.0/24 is directly connected, port1
    C   10.200.2.0/24 is directly connected, port2

    Which outbound interface or interfaces will be used by this FortiGate to route web traffic from internal users to the Internet?

    A. port1.

    B. port2.

    C. Both port1 and port2.

    D. port3.

  • Question 49:

    Which two statements about bulk configuration changes made using FortiManager CLI scripts are correct? (Choose two.)

    A. When run on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate device.

    B. When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.

    C. When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.

    D. When run on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate device.

  • Question 50:

    View the exhibit, which contains the partial output of a diagnose command, and then answer the question below.

    Based on the output, which of the following statements is correct?

    A. Anti-replay is enabled.

    B. DPD is disabled.

    C. Quick mode selectors are disabled.

    D. Remote gateway IP is 10.200.5.1.
